Security Experts:

Obama Launches Cybersecurity 'Action Plan'

Cybersecurity National Action Plan

President Barack Obama on Tuesday unveiled a new cybersecurity "national action plan" calling for an overhaul of aging government networks and a high-level commission to boost security awareness.

The announcement responds to an epidemic of data breaches and cyber attacks on both government and private networks in recent years, and passage last year of a cybersecurity bill that aims to facilitate better threat sharing.

Obama asked for $19 billion for cybersecurity efforts in his budget request, a 35 percent increase from current levels, with $3 billion earmarked to help modernize the patchwork of computer systems used in government agencies.

"It is no secret that too often government IT is like an Atari game in an Xbox world," Obama said in a column in the Wall Street Journal.

"The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way. Going forward, we will require agencies to increase protections for their most valued information and make it easier for them to update their networks."

Obama said his plan would "address both short-term and long-term threats, with the goal of providing every American a basic level of online security."

The moves come after disclosures last year that personal data from some 20 million federal employees, contractors and others had been leaked in a massive breach at the Office of Personnel Management.

That followed news of attacks hitting health care networks, retailers and others affecting tens of millions more, and a devastating cyber attack on Sony Pictures.

"These cyberthreats are among the most urgent dangers to America's economic and national security," Obama said.

"That's why, over the past seven years, we have boosted cybersecurity in government -- including integrating and quickly sharing intelligence about cyberthreats -- so we can act on threats even faster."

Obama issued an executive order creating a 12-member cybersecurity commission to make recommendations to both the public and private sectors.

The panel is to issue a report to the president by December 1.

New Cybersecurity Chief

A White House statement said the plan calls for a new federal chief information security officer to direct cybersecurity across the federal government.

The White House said it would also step up efforts with the private sector to help consumers improve online security, in part by adding new protection to services requiring passwords.

A new campaign will be calling for "moving beyond just passwords and adding an extra layer of security," such as biometric identification or multi-factor authentication using a secure code, according to the White House.

The national cybersecurity awareness campaign "will include major technology firms such as Google, Facebook, Dropbox, and Microsoft" as well as financial service providers such as MasterCard, Visa and PayPal.

The government will also step up security for its own transactions with citizens with "effective identity proofing and strong multi-factor authentication methods," the White House said.

The announcements were made on "Safer Internet Day," designated by governments and technology firms to boost awareness of cybersecurity issues.

Separately Tuesday, US intelligence chief James Clapper told a Senate hearing that cyber threats were growing amid a wider adoption of connected devices and new systems that rely on artificial intelligence.

Clapper said "smart" Internet of Things (IoT) devices for autonomous vehicles, household appliances and systems such as electric power grids can open up new vulnerabilities for hacking.

"In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," Clapper said in prepared testimony.

He added that increased reliance on artificial intelligence "is creating new vulnerabilities to cyberattacks and influence operations," adding that these systems "are susceptible to a range of disruptive and deceptive tactics that might be difficult to anticipate or quickly understand."

The intelligence chief named Russia, China, Iran and North Korea as "leading threat actors" which pose risks for US security.

view counter